57 lines
1.9 KiB
YAML
57 lines
1.9 KiB
YAML
services:
|
|
gitea:
|
|
image: docker.gitea.com/gitea:1.24.6-rootless
|
|
container_name: gitea
|
|
restart: always
|
|
labels:
|
|
- traefik.enable=true
|
|
- traefik.http.routers.gitea.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
|
|
- traefik.http.routers.gitea.tls=true
|
|
- traefik.http.routers.gitea.entrypoints=web,websecure
|
|
- traefik.http.routers.gitea.tls.certresolver=cloudflare
|
|
- traefik.http.middlewares.gitea.headers.SSLRedirect=true
|
|
- traefik.http.middlewares.gitea.headers.STSSeconds=315360000
|
|
- traefik.http.middlewares.gitea.headers.browserXSSFilter=true
|
|
- traefik.http.middlewares.gitea.headers.contentTypeNosniff=true
|
|
- traefik.http.middlewares.gitea.headers.forceSTSHeader=true
|
|
- traefik.http.middlewares.gitea.headers.SSLHost=${DOMAIN_NAME}
|
|
- traefik.http.middlewares.gitea.headers.STSIncludeSubdomains=true
|
|
- traefik.http.middlewares.gitea.headers.STSPreload=true
|
|
- traefik.http.middlewares.gitea.headers.frameDeny=true
|
|
- traefik.http.routers.gitea.middlewares=gitea@docker
|
|
- traefik.http.services.gitea.loadbalancer.server.port=3000
|
|
- traefik.tcp.routers.gitea-ssh.rule=HostSNI(`${SUBDOMAIN}.${DOMAIN_NAME}`)
|
|
- traefik.tcp.routers.gitea-ssh.entrypoints=ssh
|
|
- traefik.tcp.routers.gitea-ssh.service=gitea-ssh
|
|
- traefik.tcp.services.gitea-ssh.loadbalancer.server.port=558
|
|
- traefik.tcp.routers.gitea-ssh.tls=true
|
|
- traefik.docker.network=mgmt
|
|
env_file:
|
|
- .env
|
|
secrets:
|
|
- DB_PASS
|
|
- SSH_PORT
|
|
volumes:
|
|
- gitea-data:/var/lib/gitea
|
|
- ./config:/etc/gitea
|
|
- /etc/timezone:/etc/timezone:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
# ports:
|
|
# - "3000:3000"
|
|
# - "2222:2222"
|
|
networks:
|
|
- mgmt
|
|
- db
|
|
volumes:
|
|
gitea-data:
|
|
name: gitea-data
|
|
networks:
|
|
mgmt:
|
|
external: true
|
|
db:
|
|
external: true
|
|
secrets:
|
|
DB_PASS:
|
|
file: .secrets/DB_PASS
|
|
SSH_PORT:
|
|
file: .secrets/SSH_PORT |